Am Montag, den 18.06.2007, 09:56 +0200 schrieb Michael Schroeder:
On Sat, Jun 16, 2007 at 02:38:06AM +0200, Stephan Hermann wrote:
I think this is more a question to the build admins ;)
Do you plan as well some debian/ubuntu x86_64 architecture archives?
Furthermore, how are you going to deal with signing debian packages? debsign (from debians/ubuntus devscripts package) is not provided in the "deb" rpm. You could do it via the normal "gpg" tool, but for the "plain" debian package maintainer it's normal to use the debian tools. Furthermore it gives the people the right way to do deal with debian packages.
I could provide a patch against the "deb" package, where I include this source form devscripts, because opensuse doesn't need all of the provided scripts in this package.
We're doing the signing in a bit different way, so I'll have to write my own little sign tool. Is it now settled how to sign a debian binary package? AFAIR there were two different tools available.
That's why I was asking. Normally, you sign debian packages with your own key, just the Release file in the repositories are signed with the "release maintainer key" from the distro. So, we have two different ways of signing.
1. Signing the packages with the maintainers/uploaders (for sponsoring uploads) key (normally done via debsign or debuild) 2. Signing the Release file for official repositories (see e.g. http://archive.ubuntu.com/ubuntu/dists/feisty/Release and http://archive.ubuntu.com/ubuntu/dists/feisty/Release.gpg)
The second signing is easy, I think it's the same for all distros, doesn't matter if it's rpm or deb.
The first signing is different. I know in the spec file there is the possibility of signing the resulting packages too, but I don't know if it's handled like in debian.